
Re: [leafnode-list] What the hell is that?



Lev wrote on Thursday, 11 July 2002:

> I downloaded the new release 1.9.24 today, compiled and installed it.
> 
> When I tried to connect, the reply was
> 
> Jul 11 21:45:47 localhost leafnode[261]:  Leafnode must have a 
> fully-qualified and globally unique domain name, not just 
> "localhost.streghe.cc". Edit your /etc/hosts file to add a unique, fully 
> qualified domain name. "localhost.localdomain" or thereabouts will not 
> work; it's qualified, but not unique.
> Jul 11 21:45:47 localhost /kernel: pid 261 (leafnode), uid 0: exited on 
> signal 6 (core dumped)
> 
> 
> I tried to configure something like ghost.streghe.cc in the configure
> file, and I put ghost.streghe.cc in the /etc/hosts file, and I changed

Either place is fine. If you put it into /etc/leafnode/config, there's
no longer any need to modify /etc/hosts, but then other software
like mail servers (which need to generate Message-IDs from time to time)
won't benefit from the change. Leafnode does not care.

> hostname, and when I tried to connect to myself to read news it
> replied that I cannot connect from outside the local network, "please
> read README", because the connection comes from localhost and the
> hostname is ghost, so the networks are different. Wow.

Yes, that's the second line of defense, but the diagnosis is wrong: The
hostname is not used for access control. The IP of the peer is compared
against all addresses and netmasks of your local interfaces. If you have
a single machine, then let your newsreader connect to 127.0.0.1.

A connect to any local IP from localhost (127.0.0.1) will work as long
as your loopback device (usually, lo or lo0) is up and has the 127.0.0.1
address.

If you can provide the log excerpt with connect from ... to..., I may be
able to give more setup hints.

What operating system does your leafnode run on?

> Since I cannot use an existing public domain, because I use a
> dialup connection to connect to the internet, and I cannot spoof
> anything because I have a local smtp server too, it simply seems
> leafnode is useful only if someone uses it in a local network, but not
> on a single machine outside the network: if I change the name of the
> machine, it replies that localhost cannot connect because it is out of
> the local net, and if I use localhost it replies that localhost is not
> a real name.

Well, you can use it outside the local network, and README says:

 =====   UPDATE FROM VERSIONS < 1.9.23
 
 If you want remote users (who are not in your LANs) to have access to
 your server, previously you only needed to allow them in hosts.allow.
 Since leafnode 1.9.23, an additional parameter is required to be set to
 allow users outside of your LAN access to your leafnode. The
 config.example file has documentation on how to set this parameter.
 This is meant as an additional security measure for when some novice
 user hoses his access control configuration.

The next version of leafnode will point directly to the config.example
file.

> So, leafnode is not yet useful for me, and even if I try to understand
> the reasons for that useless code (tcpwrappers can do the same function
> better), I am not able to perceive them.

YOU do understand tcp_wrappers, but too many other users have failed to
follow the instructions given and tried to use leafnode without wrapping
it with tcpd.

> Simply, it seems to me you want to put limitations and limitations and
> limitations on that program only for the libido to limit your program:
> sure, now a single machine connecting via dialup cannot use leafnode
> as a cache.

No, that's not the case. I want to avoid innocent people setting up a
leafnode server, forgetting or failing to set up tcpd, and then being
abused as spam proxies.  And I want to make sure that the "leafnode
subscribes me to the first group" problem is not some cracker's network
scanner.

Common scenarios are:

#1 home user, single computer. Only the loopback device, 127.0.0.1, is
permanent, accompanied by an intermittent PPP connection. In this case,
a connect from 127.0.0.1 will be the only allowed peer. (While online,
the point-to-point peer will also be allowed access, which is why tcpd
is still required.)

#2 private LAN. Assume three machines, 192.168.0.1 thru 192.168.0.3,
netmask be 255.255.255.0. Each has 127.0.0.1. Say 192.168.0.1 runs
leafnode. It will automatically accept connections from 127.*.*.* and
192.168.0.*.

#3 public LAN. Assume your leafnode runs on a machine with IP 1.2.3.4
and a netmask of 255.255.192.0. In that case, leafnode will accept
connections from 1.2.0.0 to 1.2.63.255.

In any of these cases, someone connecting from 4.3.2.1 will not be
allowed in because this address is not local -- unless you followed the
instructions in config.example and made the corresponding changes to
config.

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list
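
The IP-against-local-interfaces check described in the reply above, and the three scenarios it lists, as an added Python example that is not leafnode's own code. It models the rule "the peer's IP is compared against all addresses and netmasks of the local interfaces": a peer is local when (peer AND netmask) equals (interface address AND netmask). The point-to-point peer of a PPP link is modelled as a separate field, since a PPP interface with netmask 255.255.255.255 contains only its own address. The override parameter that config.example documents is modelled as a boolean named allow_strangers; that name, the Interface class and the sample interface lists are assumptions for this example, not taken from leafnode.

```python
"""Model of leafnode's IP-based local-peer check (added example, not leafnode code).

Rule modelled: a connecting peer is accepted without further configuration
when its address lies in the network of some local interface, or when it is
the remote end of a point-to-point (PPP) interface. Anyone else is refused
unless the administrator explicitly allowed non-local peers in config.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Interface:
    """One local interface as leafnode would enumerate it (assumed layout):
    address and netmask, plus the remote peer address for point-to-point links."""
    address: str
    netmask: str
    ptp_peer: Optional[str] = None  # only set for PPP-style interfaces


def is_local_peer(peer_ip: str, interfaces: Iterable[Interface]) -> bool:
    """True if (peer & mask) == (addr & mask) for any interface, or if peer
    is the remote end of a point-to-point interface."""
    peer = ipaddress.IPv4Address(peer_ip)
    for ifc in interfaces:
        # strict=False keeps the host bits of the interface address; the
        # membership test below is exactly the masked comparison.
        net = ipaddress.IPv4Network((ifc.address, ifc.netmask), strict=False)
        if peer in net:
            return True
        if ifc.ptp_peer is not None and peer == ipaddress.IPv4Address(ifc.ptp_peer):
            return True
    return False


def connection_allowed(peer_ip: str, interfaces: Iterable[Interface],
                       allow_strangers: bool = False) -> bool:
    """Second line of defense: local peers always pass; non-local peers pass
    only when the (hypothetically named) allow_strangers switch is set.
    tcpd / hosts.allow is the first line and is not modelled here."""
    return allow_strangers or is_local_peer(peer_ip, interfaces)


# Constructed sample configurations matching scenarios #1 to #3 of the mail.
LOOPBACK = Interface("127.0.0.1", "255.0.0.0")
# #1: single dialup host, offline (loopback only) and online (plus PPP link).
# The PPP addresses are made up for the example.
SINGLE_HOST_OFFLINE = [LOOPBACK]
SINGLE_HOST_ONLINE = [LOOPBACK, Interface("10.0.0.5", "255.255.255.255", ptp_peer="10.0.0.1")]
# #2: private LAN, leafnode on 192.168.0.1/255.255.255.0.
PRIVATE_LAN = [LOOPBACK, Interface("192.168.0.1", "255.255.255.0")]
# #3: public LAN, leafnode on 1.2.3.4/255.255.192.0 (1.2.0.0 .. 1.2.63.255).
PUBLIC_LAN = [LOOPBACK, Interface("1.2.3.4", "255.255.192.0")]


def main() -> None:
    cases = [
        ("#1 offline", SINGLE_HOST_OFFLINE, ["127.0.0.1", "4.3.2.1"]),
        ("#1 online", SINGLE_HOST_ONLINE, ["127.0.0.1", "10.0.0.1", "4.3.2.1"]),
        ("#2 private LAN", PRIVATE_LAN, ["192.168.0.3", "192.168.1.3", "127.9.9.9"]),
        ("#3 public LAN", PUBLIC_LAN, ["1.2.63.255", "1.2.64.0", "4.3.2.1"]),
    ]
    for name, ifcs, peers in cases:
        for p in peers:
            print(f"{name:15s} peer {p:12s} local={is_local_peer(p, ifcs)} "
                  f"allowed_with_strangers={connection_allowed(p, ifcs, True)}")


if __name__ == "__main__":
    main()
```

The last scenario shows why the netmask, not the hostname, decides: 1.2.63.255 is accepted and 1.2.64.0 is refused although both share the leading "1.2", exactly the 1.2.0.0 to 1.2.63.255 range given in the mail. Lev's single-machine case works once the newsreader connects to 127.0.0.1, which is inside 127.0.0.0/255.0.0.0 regardless of what the machine is called.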